Cybersecurity attempted breach is performed successfully. Due to the



Due to the increasing dependence of digital
technologies to conduct operations, cybersecurity became important due to cyber
risk or incidents. Cyber risk a company may face includes remediation cost for
stolen assets or information as well as the repair cost of system damage that
may have been caused, an increase it budget on cybersecurity, lost revenue from
unauthorized use of proprietary information, litigation and most importantly
reputation damage that deters customers or investors.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now


Since 2011, the Security and Exchange
Commission (SEC) has established the CF Disclosure Guidance: Topic no.2 to make
companies disclose their obligations relating to cybersecurity risk and cyber
incidents, the third line of defense from cyber attacks have fallen to the
hands of internal audits. As an internal audit, several responsibility that is
given includes working with management and board of directors to develop cyber
security strategy, improving the company’s resistance to potential risk both
from internal and external attacks, keeping a current understanding of
potential cyber risk and make sure everyone is highly engaged due to the
everchanging nature of cyber risk, make sure the number of personnel working on
cybersecurity is sufficient and evaluate the cyber security program with the
NIST Cybersecurity framework, ISO 27001 and 27002 and disclosing event of cyber
incidents at a timely manner.


However, due to the aforementioned
everchanging nature of technology and cyber risk, it is hard to stay in the
arms race. In June of 2017, a global ransomware attack happened and due to
being a new type of malware, due to its difference with other malwares, even if
Kapersky announced the finding of its prototype in 2016, it remained undetected
when the malware enters the system.




I think the responsibility on cybersecurity
put on internal audit is quite a difficult task to handle due to the
everchanging and growing ways of compromising a cybersecurity system. Attacks
could come at anytime from anywhere, and the hole in the security system cannot
be easily noticed unless an attempted breach is performed successfully. Due to
the nature of cybersecurity, I suggest that additional tool to be used to aid
auditors in their endeavour.




I think using AI through the process of
machine learning, it can help identify the security risk. In an interview with
Forbes, Simon Crosby CTO of Bromium said the AI is not going to be perfect,
since they function with pattern recognition and not necessarily able to
differentiate different kind of approaches, but it can help to reduce the
burden placed on internal auditors on cybersecurity, since they learn from
previous attacks and identify the holes in the cybersecurity. The fact that an
AI can function 24 hours a day makes it so even when the absence of
cybersecurity personnel, an amount of protection is still given to the data and









Opgenorth, K. (n.d.). KnowledgeLeader Blog.
Retrieved January 15, 2018, from

CF Disclosure Guidance: Topic No. 2. (2011,
October 13). Retrieved January 15, 2018, from

EY – 2017 year-end issues for audit
committees. (n.d.). Retrieved January 15, 2018, from

Editors, F. T. (2017, August 21).
Separating Fact From Fiction: The Role Of Artificial Intelligence In
Cybersecurity. Retrieved January 15, 2018, from

Frenkel, S. (2017, June 27). Global
Ransomware Attack: What We Know and Don’t Know. Retrieved January 15, 2018,